r/PE_and_consulting

Trying to get compliant with EU AI Act before August

We're a 60-person B2B SaaS company. AI is running in more places than I have a handle on. Sales uses it for outreach drafts. Support has a chatbot on tier-1 tickets. Dev plugged it into code review. An analyst built an internal reporting tool I found out about last month when he mentioned it offhand in a standup.

None of it went through a formal approval process. Tools got adopted, managers approved individual subscriptions without looping in legal or security, and nobody thought to build a list. That worked fine until the EU AI Act became a real deadline.

August 2026—the Article 50 transparency requirements—is close enough that my COO wants a policy before Q3. My legal counsel sent a 40-page summary. My CTO says we're probably fine. I have no idea who's right because I can't even answer the most basic question: what AI are we actually running?

Four things I'm stuck on, in order of how much sleep they're costing me:

The inventory. I need a list of every AI tool and use case before I can do anything else. Did you build that through a survey, through IT asset management, or through department heads? Curious what actually worked versus what turned into a three-month project.

Risk tiers. Our support chatbot touches customer data. Our code review tool is internal only. I'm assuming those are in different compliance buckets, but I don't know how to make that call without a framework.

Evidence. Legal keeps asking for decision records. What we have is Slack threads and email chains going back two years. Is there a practical way to reconstruct that, or do you start fresh from here?

Vendors. Three of our AI tools updated their underlying models in the past six months. Nobody told us; we noticed accidentally. Are we supposed to run a new review every time a vendor pushes an update?

Happy to hear from anyone who's gotten further along than “we should probably do something about this.”

u/904Ratmir — 2 days ago

patients are already running their labs through chatgpt. hospitals aren't. this is a product gap nobody's filling

microsoft + kff released data in may showing patients are routinely pasting their doctor's notes, lab results, and prescription info into chatgpt to get plain-language interpretation. meanwhile hospitals are stuck. no FDA standard for patient-facing AI, no clear liability model, no infrastructure for clinical-context-aware LLMs.

the gap is huge and someone's going to fill it.

what's happening right now:

  • patients get AI interpretation of clinical data with zero EHR context, zero history, zero medical-grade safeguards
  • the model doesn't know which lab values are normal for that specific patient
  • no integration with the care team. patient gets advice, doctor finds out 6 weeks later when the question comes up at follow-up
  • PHI is being pasted into general-purpose consumer LLMs

we've been working with a healthtech client whose patient portal feature requests shifted noticeably in the last 12 months. "explain my labs in plain language" is now 3x more common than it was. the demand is there, the supply (from the actual healthcare system) isn't.

the product opportunity is the middle layer. AI that:

  • reads the patient's actual chart, not just the line of text they pasted
  • explains in their language and reading level
  • flags things the patient should bring up at next visit instead of acting on
  • routes urgent stuff to the care team automatically
  • keeps PHI inside a HIPAA-compliant boundary

tbh the companies best positioned to build this aren't the hospitals. it's whoever's already integrated with EHRs and willing to take on the regulatory work.

question: anyone here building consumer-facing healthtech AI right now? how are you handling the liability framing? curious whether you're positioning as "interpretation" vs "guidance" vs something else entirely.

u/SapientPro_Team — 14 days ago